Friday, January 13, 2012

Spring Security 3.1 - Implement UserDetailsService with Spring Data JPA (Part 1)

In this tutorial, we will create a simple Spring MVC application and secure it with Spring Security 3.1. We have a custom database schema from which we will retrieve our authorized users and their respective roles. Consequently, we will implement a custom UserDetailsService with the help of Spring Data JPA, which lets us build JPA-based repositories quickly.


Dependencies

  • Spring core 3.1.0.RELEASE
  • Spring Security 3.1.0.RELEASE
  • Spring Data JPA 1.1.0.M1
  • See pom.xml for details

GitHub

To access the source code, please visit the project's GitHub repository.

Functional Specs

Before we start, we define our application's specs as follows:
  • Two types of users: admin and regular users
  • A login page that's accessible to all types of users, including unauthorized users
  • All other pages are visible to registered users only
  • A home page
  • A user page
  • An admin page which is visible only to admins

Database

As mentioned earlier, our application relies on a custom database schema to obtain its users.
The database contains two tables: user and role.


[Figure: user and role table design]

User table

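The user table contains the personal information of each user. Notice that the password values are hashed using MD5. MD5 is fast to compute, which makes it unsuitable for production password storage; use a salted, adaptive hash such as bcrypt there.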

[Figure: user table]

Role table

The role table contains the role value of each user. A role value of 1 denotes an admin, and a role value of 2 denotes a regular user.

[Figure: role table]

Screenshots

Before we start the actual development, let's preview what our application should look like by providing screenshots. This is also a good way to further clarify the application's specs.

Login page
The login page contains two input fields: a username and a password field.

[Screenshot: Login]

Login failure page
When a user fails to log in, the login page is displayed again with the error message "Login Failure!" at the bottom.

[Screenshot: Login failure]

User's view
When a regular user logs in, the user should be redirected to the home page, with the Home, User, and Logout pages accessible to the user.

[Screenshot: User's view]

Admin's view
When an admin user logs in, the user should be redirected to the home page, with the Home, User, Admin, and Logout pages accessible to the user.

[Screenshot: Admin's view]

Logout success page
When a user successfully logs out, the login page is displayed again with the success message "Logout Success!" at the bottom.

[Screenshot: Logout success]

Next

In the next section, we will discuss the project's structure and start writing the Java classes.

18 comments:

  1. /* Excuse me for my English */
    First, I thank Mr. Krams for this very interesting tutorial, and I wonder if
    someone can help me by posting an updated pom.xml for this project; in fact, there are some problems in the "goldin" dependency.
    Thank you

    Replies
    1. Can you elaborate what specific problems are these?

    2. no persistence unit hibernate jpa found)) error Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in ServletContext resource [/WEB-INF/spring-data.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: No persistence unit with name 'hibernatePersistenceUnit' found
      at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:527) [spring-beans-3.1.0.RELEASE.jar:3.1.0.RELEASE]

  2. No doubt this tutorial is interesting and useful in some way. But Spring JPA in real production... too many Spring...

    Replies
    1. I don't see what's wrong with Spring JPA in real production. We use Spring JPA in production and it saved us development time. Adding a new query is just a matter of updating the interface.

  3. Many thanks for this interesting tutorial.
    But it would be very helpful to add to this tutorial an example of how to implement
    internationalization and localization for Spring Security.
    I googled a lot about this problem but found only how to implement internationalization and localization
    for Spring MVC (for example http://blog.springsource.org/2009/12/21/mvc-simplifications-in-spring-3-0/).
    I can't find a working example for Spring Security. I mean that I want to be able to change the locale on the login page
    and get the error message on the login page according to this locale.
    I am trying to implement my own solution for this problem, but it always gets messages in the system locale.

    Thank you

  4. Hi, is there any way to define user roles dynamically? Instead of hard-coding, we should be able to dynamically add/delete roles for defined entitlements.

  5. Great job ! Thanks for this nice tutorial ;)

  6. Hey Krams, I would like to ask you a question regarding the database schema of your example. I would suppose that there are two tables for the user and his roles because one user can have one or many roles assigned. However, you are using a OneToOne relationship between the User and Role entity objects further on. In this case I see no point in using two tables and entities there... We could have only a user entity with an additional "role" attribute.
